MEMORANDUM FOR: COINS PMO

FROM: Chairman, IHC

SUBJECT: Comments on Proposed Revision of Security Procedures
Within the COINS Network

REFERENCE: COINS PMO Letter dated 14 March 1984, Subject: Proposed
Revision of Security Procedures Within the COINS Network




1. Per the referenced request, the IHC staff has reviewed the proposed 
changes to COINS security. Many of the issues identified in the referenced 
proposal were surfaced during the development of the "Preliminary CIRS
Security Plan." These issues need to be resolved in both the COINS and DoDIIS 
networks. In order to insure interoperability of the two networks, the issues 
should be addressed through a joint effort with COINS and DoDIIS. 


2. I would like to surface these common issues and identify the efforts
that are being undertaken to resolve them at a future IHC meeting. I would
appreciate your support in helping bring these issues and alternatives for
[illegible] part of the Ruth Davis computer security effort,
the DDCI has stated as a policy that he wants "Individual Accountability" in
automated systems and networks. While I agree with the COINS proposal to
transition the log-on process to the user host rather than the current server
host, we must be able to satisfy the DDCI's requirement for individual
accountability.


3. I have attached some specific comments on the referenced proposal and
have named [redacted] as the IHC staff member to work this issue. I would
appreciate your cooperation in efforts to resolve the common issues identified
for COINS, DoDIIS, and the IHC-sponsored CIRS effort.


Attachment No. 1: As Stated 


UNCLASSIFIED 
Comments on New Security Proposal
for COINS Dated
14 March 1984


ATTACHMENT No. 1 
Paragraph 1 - Objectives 

a. This objective is consistent with the DoD Network Security Plan
(DNSIX) except that DNSIX provides for either user host log-on and
authentication or service host log-on and authentication. Under 
Stage I of the CIRS security plan, NSA T-group has decided to retain 
its current log-on procedure in the WINDMILL host even though NSA 
understands that such a decision will require NSA personnel to 
maintain an extremely large authorization table. NSA considers this 
to be a decision for Stage I security only. 


b. & c.
As more server hosts are made accessible to both the COINS and DoDIIS
networks, it is anticipated that the maintenance of authorization and 
access control mechanisms on the server hosts will require a 
significant level of resources. We must find a way to incorporate 
the user host authentication while complying with the DDCI's 
requirement for individual accountability. 

d. This issue was surfaced in the development of the CIRS plan. Totally 
agree that COINS should be heading in this direction. The questions 
that remain are: (1) Does the DoDIIS network provide the same 
capability for the DoDIIS network? and (2) how is audit trailing 
accomplished between the two networks? 

Paragraph 2 - Proposed Procedures 

Concur with all that is proposed. The problems are (1) 
implementation, (2) transition, and (3) compatibility with DoDIIS 
network. Since DoDIIS DNSIX proposal closely matches this, suggest 
close coordination between COINS and DoDIIS for implementation. 
Possibly an executive agent should be named. 

Paragraph 4 - Discussion of Advantages/Disadvantages 

Concur with the way they are presented. It summarizes the problems 
that must be resolved in order to implement the COINS proposal. One 
additional concern under disadvantage number 3 — Some server hosts may
continue to have "internal agency" users that are not "COINS users."
The audit data for the "internal agency" user must be maintained on 
the user host. 

OVERALL COMMENT ON SECOND ATTACHMENT TO COINS PROPOSAL 

The opening sentence overstates what we think COINS is proposing. We view 
the COINS proposal as a shift in current responsibilities and objectives 
toward consolidation of audit data and a proposal for an approach for access 
and authentication. If COINS continues to support the terminal access system 
(TAS), it appears that COINS will have to provide all security features 
identified in the proposal for a user host. 